In modern, large scale computer installations, it is typical that users will alternately receive processing of portions of their project for short periods of time. For example, a single computer servicing many video terminals will skip from terminal to terminal on a demand basis. It is therefore inefficient to remove the code and data for all but the current user from the machine. In addition, not infrequently several users will be sharing certain code or data. In the video terminal example, the users may all be setting type or may be interacting with a single educational program. Or, all programmers in a computer installation may be using at times one or more of the compiling programs available. If a data base has been created, all users may have access to at least portions of this data base, and thus it will never be removed from the system. Even very large data bases and programs can be held constantly within the computer's memory through the use of virtual addressing.
Through the use of virtual addressing, literally the entire mass storage of the installation is made available to each individual user on a demand basis. The requirements of users of large computer installations are typically substantially less than the entire capabilities of the installation. Therefore, each user's private code and data are always present in the system and theoretically available to other users.
In most situations, this is not a desirable condition. The users may be direct competitors of each other in a service bureau environment. Some users may dishonestly wish to gain access to other users' information. Individual users may have untested code which can unintentionally destroy other users' information. Some users may have classified information in the system which must not be available to users without the requisite classification level and need to know. There is, therefore, substantial motivation for providing computational facilities which can provide service to large numbers of users and at the same time isolate each user from all others.
An additional complication is the situation where a plurality of users will be sharing the same code. That is, at different times in the processing duties of the machine, different users will be executing the identical code with, perhaps, different data. The compiler is one example where each user's input data has different source code, and each user's object code forms the output.
Digital keys and locks are being used as at least a partial solution to these problems. A digital key is simply a unique sequence of bits assigned to a particular user or program. A lock is a similar sequence of bits assigned to a resource of the computing system. This resource may be a peripheral device, data tables, program code or memory area within the central processor. Before access to a particular resource is permitted, the key assigned to the requesting user is compared with the lock assigned to the resource, and if unequal the requesting user is denied use of the requested resource. The central processor contains hardware and/or software which prevents any user from subverting the key-lock testing process by, for example, altering a key or lock or by disabling the testing process.
U.S. Pat. No. 3,938,100 explains the basics of lock and key implementation. This patent teaches the use of a register which contains several keys, and a page table (which corresponds approximately to the segment tables of this description) containing a lock value for each active page in the memory. A memory reference is permitted only if one of the key codes matches the lock code associated with the referenced page. In this manner, a supervisory routine which alone has access to the lock and key values, can exclude any user from referencing or executing within all pages except for those whose locks correspond to one of the four key values. Lockout bits select the type of memory operations permitted for those pages whose locks match the keys associated with each lockout bit collection.
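The key-lock test described above, with a register of several keys, one lock per page and a lockout bit collection per key, can be modeled in C as follows. This is an added illustration, not code from this description or from U.S. Pat. No. 3,938,100; the 8-bit key codes, the table contents, and the encoding of lockout bits as a mask of inhibited operations are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

#define NUM_KEYS  4   /* the text refers to four key values */
#define NUM_PAGES 8   /* constructed table size */

/* A set bit in a lockout mask inhibits that operation (assumed encoding). */
enum { OP_READ = 1, OP_WRITE = 2, OP_EXEC = 4 };

struct key_slot {
    uint8_t key;      /* key code held in the key register */
    uint8_t lockout;  /* operations inhibited on pages this key opens */
};
struct key_register { struct key_slot slot[NUM_KEYS]; };

/* One lock code per active page; only the supervisory routine writes it. */
static const uint8_t page_lock[NUM_PAGES] = {
    0x11, 0x11, 0x22, 0x33, 0x44, 0x55, 0x22, 0x66
};

/* Permit a reference only if some key equals the page's lock and that
   key's lockout bits allow the operation. Returns 1 = permit, 0 = deny. */
int access_permitted(const struct key_register *kr, unsigned page, int op)
{
    if (page >= NUM_PAGES)
        return 0;                       /* no table entry: deny */
    for (int i = 0; i < NUM_KEYS; i++) {
        const struct key_slot *s = &kr->slot[i];
        if (s->key == page_lock[page] && !(s->lockout & op))
            return 1;
    }
    return 0;                           /* no key fits the lock */
}

/* Constructed user: private pages (0x11, all operations), shared compiler
   code (0x22, execute only), shared data base (0x33, read only), unused slot. */
static const struct key_register user_a = {{
    {0x11, 0}, {0x22, OP_READ | OP_WRITE}, {0x33, OP_WRITE | OP_EXEC}, {0x00, 0x07}
}};

int main(void)
{
    printf("write own page 0:       %d\n", access_permitted(&user_a, 0, OP_WRITE));
    printf("execute shared page 2:  %d\n", access_permitted(&user_a, 2, OP_EXEC));
    printf("write shared page 2:    %d\n", access_permitted(&user_a, 2, OP_WRITE));
    printf("read data base page 3:  %d\n", access_permitted(&user_a, 3, OP_READ));
    printf("read other user page 4: %d\n", access_permitted(&user_a, 4, OP_READ));
    return 0;
}
```

The shared compiler page shows the case raised earlier in the description: several users can hold the key for the same code page while the lockout bits keep any of them from modifying it.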